On 01/13/2015 12:35 PM, Mike wrote:


Just a note to anyone else who may be interested. This may be obvious but it wasn't to me at first, The "ipa dnszone-mod ... --update-policy=..." command wipes out the existing BIND update policy. So what would seem to me to be the correct procedure is to do "ipa dnszone-show --all" first to get the existing policy. Then append the new policy to the existing. This is what ultimatley worked for me (all one line).

ipa dnszone-mod inside.lan --update-policy="grant INSIDE.LAN krb5-self * A; grant INSIDE.LAN krb5-self * AAAA; grant INSIDE.LAN krb5-self * SSHFP; grant dhcpupdate zonesub A; grant dhcpupdate zonesub TXT; grant dhcpupdate zonesub PTR;"




Would you mind contributing a howto solution to FreeIPA site?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to